CVE-2022-20716
Summary
| CVE | CVE-2022-20716 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-15 15:15:00 UTC |
| Updated | 2023-11-07 03:42:00 UTC |
| Description | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Catalyst Sd-wan Manager | - | All | All | All |
| Application | Cisco | Sd-wan | All | All | All | All |
| Application | Cisco | Sd-wan Manager | - | All | All | All |
| Application | Cisco | Sd-wan Solution | - | All | All | All |
| Application | Cisco | Sd-wan Vbond Orchestrator | - | All | All | All |
| Application | Cisco | Sd-wan Vedge Cloud | - | All | All | All |
| Application | Cisco | Sd-wan Vedge Router | - | All | All | All |
| Application | Cisco | Sd-wan Vmanage | - | All | All | All |
| Application | Cisco | Sd-wan Vsmart Controller Software | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20220413 Cisco SD-WAN Solution Improper Access Control Vulnerability | CISCO | tools.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317148 Cisco SD-WAN Solution Improper Access Control Vulnerability (cisco-sa-sd-wan-file-access-VW36d28P)